Looks like the fake meds gang have started spoofing Microsoft too. I've received 5 of these bad boys so far. There's nothing particularly special about them, and they're certainly nowhere near convincing, which in itself is unusual (those impersonating Microsoft previously, whether leading to fake meds or malware, have usually been a lot more convincing than this).
They've included individual URLs so far:
But, predictably, these have only led to one of two domains:
Both domains belong to a couple of IPs that are well known for housing fake meds domains, so this is also no surprise. You'd have thought they'd have switched to something a little less predictable by now.
IP PTR: 91-205-74-218.arpa.teredo.pl
ASN: 41508 188.8.131.52/22 PL-IWACOM-AS IWACOM Sp. z o.o.
IP PTR: Resolution failed
ASN: 2819 184.108.40.206/24 GTSCZ GTS NOVERA (GTS CZ)
The headers for these: